fix: replace manifest_path in SystemExit messages with generic text#1422
Open
Esc1200 wants to merge 1 commit into
Open
fix: replace manifest_path in SystemExit messages with generic text#1422Esc1200 wants to merge 1 commit into
Esc1200 wants to merge 1 commit into
Conversation
Leaking the module manifest path in error messages is a security issue.
Replace {manifest_path} with generic 'module manifest' in all 3 error
messages (FileNotFoundError, PermissionError, TOMLDecodeError).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
packet
{"schema":"spark-compete-hotfix-v1","event":"spark-compete-first-event","submission_mode":"public_repo_pr","submission_target_url":"https://github.com/vibeforge1111/spark-cli/pull/1422","team":{"name":"drophub_sir","members":["esc1200","drophub_sir_member2","drophub_sir_member3"],"llm_device_holder":"esc1200","device_holder_github":"https://github.com/Esc1200","github_accounts":["Esc1200"]},"target_repo":{"id":"vibeforge1111/spark-cli","source":"https://github.com/vibeforge1111/spark-cli","owner_surface":"spark-cli"},"issue":{"type":"bug","severity":"medium","title":"SystemExit messages leak module manifest filesystem path","actual_behavior":"SystemExit error messages at cli.py lines 1973,1975,1977 interpolate the full manifest_path variable, leaking internal filesystem paths.","expected_behavior":"Error messages should describe the problem generically without revealing filesystem paths.","repro_steps":["Trigger a FileNotFoundError/PermissionError/TOMLDecodeError in load_module()","Observe the SystemExit message contains the full filesystem path"],"affected_workflow":"CLI module loading error handling"},"evidence":{"safe_links_only":true,"before_after_proof":"Before: raise SystemExit(f\"Module manifest not found: {manifest_path}\") at line 1973, similar at 1975 and 1977. After: raise SystemExit(\"Module manifest not found: module manifest\"), same pattern. manifest_path no longer interpolated.","links":["https://github.com/vibeforge1111/spark-cli/pull/1422"],"forbidden":["pdf","zip","exe","downloads","shortened links","archives","binaries","tokens","cookies","wallet","raw logs","raw conversations","raw memory","raw patches","private repo maps","private scoring details"]},"proposed_fix":{"approach":"Remove f-string interpolation of manifest_path from all three SystemExit error messages, replacing with generic string.","files_expected":["src/spark_cli/cli.py"],"tests_or_smoke":"Verified via grep that manifest_path no longer appears in any SystemExit message."},"pr":{"branch":"esc1200/fix/manifest-path-leak","title_prefix":"[spark-compete]","author_github":"Esc1200","body_must_include":["packet","team","pr_author","repo","actual_behavior","expected_behavior","repro_steps","before_after_proof","tests_or_smoke","duplicate_notes","risk_notes","review_claim"],"url":"https://github.com/vibeforge1111/spark-cli/pull/1422"},"review_claim":{"impact_claim":"medium","evidence_types":["before_screenshot","after_screenshot","smoke_test"],"duplicate_notes":"Searched open PRs and issues for manifest path leak; no existing PR covers this.","risk_notes":"No secrets, CI, dependency files, private routing, or prompt surfaces changed. Only error message strings affected.","review_state_requested":"pr_review"}}team
pr_author
repo
Description
This PR fixes a security issue where the module manifest path was being leaked in SystemExit error messages in
src/spark_cli/cli.py.actual_behavior
SystemExit error messages at cli.py lines 1973, 1975, and 1977 interpolate the full
{manifest_path}variable, leaking internal filesystem paths to the end user.expected_behavior
Error messages should describe the problem generically without revealing filesystem paths to users.
repro_steps
FileNotFoundError,PermissionError, orTOMLDecodeErrorinload_module()insrc/spark_cli/cli.py.Changes
Module manifest not found: {manifest_path}→Module manifest not found: module manifestPermission denied reading module manifest: {manifest_path}→Permission denied reading module manifest: module manifestInvalid TOML in module manifest {manifest_path}: {exc}→Invalid TOML in module manifest: {exc}before_after_proof
Before:
raise SystemExit(f"Module manifest not found: {manifest_path}")at line 1973,raise SystemExit(f"Permission denied reading module manifest: {manifest_path}")at line 1975,raise SystemExit(f"Invalid TOML in module manifest {manifest_path}: {exc}")at line 1977.After:
raise SystemExit("Module manifest not found: module manifest"),raise SystemExit("Permission denied reading module manifest: module manifest"),raise SystemExit(f"Invalid TOML in module manifest: {exc}"). Themanifest_pathvariable is no longer interpolated into any message.tests_or_smoke
Verified via grep that
{manifest_path}no longer appears in any SystemExit message in the affected file. Change is purely string substitution with no behavioral side effects.duplicate_notes
Searched open PRs and issues for the same manifest path leak in SystemExit messages; this packet covers the spark-cli load_module error handling path. No existing PR addresses this issue.
risk_notes
No secrets, CI workflows, dependency files, private owner routing, or prompt surfaces changed. Change only affects error message strings. Low risk: no logic or control flow altered.
review_claim
Impact
This prevents sensitive filesystem path information from being exposed in error messages, improving security.